Please help us continue to provide you with free, quality journalism by turning off your ad blocker on our site.

Thank you for signing in.

If this is your first time registering, please check your inbox for more information about the benefits of your Forbes account and what you can do next!

I agree to receive occasional updates and announcements about Forbes products and services. You may opt out at any time.

I'd like to receive the Forbes Daily Dozen newsletter to get the top 12 headlines every morning.

Forbes takes privacy seriously and is committed to transparency. We will never share your email address with third parties without your permission. By signing in, you are indicating that you accept our Terms of Service and Privacy Statement.

Top 10 Strategic CIO Priorities Of 2018

CIOs across the globe are constantly evaluating a fusillade of emerging technologies, business models, and economic movements being fired at them. Machine Learning. Blockchain. The Internet of Things. Industry 4.0. The Subscription Economy. Autonomous Everything. Digital Transformation.

No question, as we begin 2018 the priorities in front of CIOs are daunting, just as they were last year…and the year before that.

But no CIO can ignore the considerable business opportunities those technology-based advances present: lower costs; more efficient supply chains; more secure networks and data stores; more dynamic and reliable products; more personalized customer service; and—if CIOs and their teams get it right—more abundant, loyal customers.

In this, our sixth annual list of the 10 most important challenges CIOs must take on and opportunities they must seize in the coming year, you’ll notice some priorities return from last year, with important updates. As we said last year, real change doesn’t happen in tidy annual increments.

This list isn’t exhaustive either. Depending on your industry, company size, and technology/business maturity level, your organization may have other fish to fry. But we recommend that you at least consider these 10 priorities, in no particular order.

1. Establish or re-establish your digital cred. My, how much conventional wisdom has changed in just a few short years.

Remember when chief digital officers were going to marginalize or replace most chief information officers? IDC predicted in 2014 that by 2020, CDOs would “supplant” CIOs at 60% of global companies “for the delivery of IT-enabled products and digital services.” PwC joined in the following year, observing at the time that CIOs were leading digital efforts at 40% of companies but would be leading them at only 31% in three years.

We thought that was nonsense then; we still do.

At least one major consultancy agrees with us now. Forrester Research predicts that the CDO will fade into obsolescence within five years as “digital transformation” at each company broadens beyond a handful of special initiatives to become the core, revenue-generating business—at which point CIOs will assume control of the digital strategy, working with the CEO and other C-level peers in sales, marketing, HR, and operations.

That’s not to say that any CIO can rest easy. Forrester notes that 60% of executives still think their companies are behind on digital transformation initiatives, and it predicts that 20% of CEOs will fail to act. As a result, Forrester maintains, those stragglers will be acquired or perish.

2018 is the year that CIOs who are still on the outside looking in must firmly establish or re-establish their digital credibility and authority. Nothing less than their jobs and their companies’ relevance are on the line.

2. Think differently about information security. Several notorious security breaches in 2017 served as poster incidents for the costs of lax data security practices. One company’s CEO, CIO, and chief information security officer lost their jobs as a result of a breach that resulted from the company’s failure to patch a known vulnerability in key systems, forcing it to spend millions of dollars cleaning up the mess.

Few other companies can claim the moral high ground. Yours, too, may be just one unpatched system away from suffering the same punishment. And as the aforementioned example confirms, information security is as much a CIO (and CEO) priority as it is a CISO one.

Companies can’t keep throwing money at this problem. While the 1,178 CIOs and other IT leaders who responded to the latest annual Society for Information Management (SIM) survey say that cybersecurity is their companies’ No. 1 IT challenge, and that it’s the issue that’s most personally worrisome to them, their companies actually spent less money on cybersecurity in 2017 (as a percentage of their IT budgets) than they did in 2016, the survey found. Clearly, companies must get smarter and more efficient about how they protect their valuable data assets, especially the data they hold on customers and business partners.

Every CIO must understand that the long-term solution lies in the cloud, as world-class security has become a core competency of most major cloud providers. No wonder that the higher an organization’s level of cloud maturity, the greater its confidence in its security capabilities, according to a recent global survey of large enterprises conducted by Longitude Research.

Consider the built-in security of one recent cloud innovation, Oracle Autonomous Database Cloud, announced at Oracle OpenWorld in October. This “self-driving” database is engineered to automatically and continuously patch (as well as tune, back up, and upgrade) itself without human intervention, all while the system is running. Strengthening the Oracle Cloud security proposition is the fact that 100% of the data there is encrypted, whereas customers encrypt only about 0.5% of the data they store and manage in the Oracle databases in their own data centers, notes Oracle CEO Mark Hurd.

“It’s hard to imagine that customers’ data could be more secure on their own premises,” Hurd said in an interview with Recode’s Kara Swisher at a conference last year. “You’ve got all of these different configurations on premises—different servers, different operating systems, different databases, even different versions of our database. So when you say patching, it may sound like it’s easy—it’s actually really hard.”

By 2022, a company’s cybersecurity rating will become as important as its credit rating when customers, suppliers, and partners assess the risk of doing business with that company, according to Gartner. How would your company rate now?

3. Take your business beyond its traditional borders. As the Internet of Things (IoT), machine learning, advanced data analytics, and other cutting-edge technologies move into the enterprise mainstream, CIOs have better tools to help take their companies into adjacent industries—even to the point where they may have to cannibalize parts of their own business model.

Agricultural companies are moving into the insurance business, providing services to farm operators that are informed by their analysis of soil, weather, crop yield, and other data. Anticipating that digital and other competing services will eat further into its postal delivery revenues, France’s La Poste used data analytics to identify several areas for expansion. For example, La Poste is now moving into elder care (customers pay for the local mail carrier to visit their elderly parents for up to 15 minutes) and delivery of gourmet food, retraining existing employees to provide those services.

“Those kinds of industry intersection points are going to generate the next generation of business opportunities,” says Sunil Kanchi, CIO of digital technology service provider UST Global, which recently worked with a healthcare company on an IoT device that crosses into the auto industry. When integrated with car seatbelts, the device—a sort of digital stethoscope—monitors the driver’s health in real time, so that if the driver has a heart attack or some other life-threatening health episode, it automatically parks the car and calls an ambulance. “The CIO and the technology people are the ones who are enabling those cross-industry opportunities to be realized,” Kanchi says.

One of the most striking examples of the blurring lines between industries is CVS Health’s proposed $69 billion acquisition of Aetna, which would marry one of the world’s largest pharmacy retailers to one of the largest health insurers. The deal positions CVS’s 10,000-plus stores as full-service community clinics that deliver advice, tests, ongoing care, and insurance products, leveraging both companies’ applications and vast amounts of patient and market data.

“It all starts with the data,” says Jim Moffatt, head of Deloitte Global Consulting. “There’s so much data available today that the ability to understand your customer and connect with your customer in a fundamentally different way is now possible. The question is now what do you do with that, right? But the potential to shift business models and move into adjacent spaces is really unparalleled.”

4. Consider repositioning your company’s products as subscription services. Principal among those potential new business models and adjacent spaces is for your company to start offering its products as subscription services. Companies are now charging monthly fixed or usage-based prices for everything from shavers (Gillette On Demand and Dollar Shave Club), music (Spotify), meals (Blue Apron), and home-monitoring systems (Ring) to cars (Book by Cadillac and Porsche Passport), aircraft engine maintenance (GE Digital), and business software (Oracle).

Estimates of the size of the global subscription services market vary, with some industry watchers putting it at close to $1 trillion and growing by double-digit percentages every year, as cloud infrastructure and software tear down the barriers to market entry. Billions of dollars of venture capital funding have poured into subscription-based startups during the past several years.

“Every company is becoming a cloud company, and that creates massive opportunities,” says Jason Maynard, senior vice president of strategy and marketing with Oracle NetSuite. NetSuite’s cloud ecommerce and financial applications help run a number of subscription-based customer companies, including Blue Apron and Ring.

“No longer will product companies just sell products or service providers just sell services,” Maynard says. “Every business must offer its wares as a service. This requires new business models whereby customers can consume offerings via a subscription or by usage and potentially even pay for outcomes.”

Moving from selling products to recurring services is a CIO priority because such a move requires specialized commerce, pricing, billing, payment, revenue management, and analytics systems.

Consider the technical complexity behind subscription “box” retailer Trunk Club, whose stylists work with each customer to create an assortment of clothes that fit his or her individual style and preferences, and then they share that virtual “trunk” via a mobile app. The Trunk Club platform is built on a microservices architecture, where each element required to build a trunk preview—information on products, members, outfit options, and fulfillment—is its own service with its own snippets of data, which are pulled together via an API that delivers the full picture to the customer via the app.

Says Brian Lee, engineering manager at Trunk Club (which was acquired by Nordstrom in 2014): “As a product-first company and a technology company, we’re always iterating on what we can do better, making small changes and learning from the experience to make it better for the customer.”

5. Focus, focus, focus. Two aphorisms apply to CIOs here: Understand that “the perfect is the enemy of the good” and that it doesn’t pay to be “a jack of all trades but master of none.”

Consider Raytheon CIO Kevin Neifert’s take on those two notions. Writing on The Enterprisers Project, a CIO community site, Neifert observes that he and his CIO peers tend to be perfectionists—“we strive to get an A in everything we do”—when instead they must come to terms with the fact that “there’s way more work to do than can possibly be done well.”

He advises CIOs to emulate other senior business leaders who spend much of their valuable time figuring out which critical priorities are worthy of their A efforts, and in which areas it’s OK for their organizations to earn just a C—so that they don’t end up doing B work across the board. Neifert has gone so far as to formally put his organization through this A/C grading exercise as part of its annual goal-setting activity, settling on only three top priorities for the year ahead “where we must get an A.”

“For everything else we said it’s OK to earn Cs,” Neifert says. “We’re not encouraging people to do substandard work. Rather, we’re simply making clear that we don’t need to be perfect in areas outside of our top priorities.”

6. Automate what you can so that company employees can focus on higher-value work. Companies will never be able to focus on the stuff that truly matters if big chunks of their people’s time are consumed by routine tasks. Machine learning now allows companies to automate work once considered doable only by humans, improving the accuracy and efficiency of that work while putting human intellects to more productive use.

For example, by 2020, analysts predict, candidates applying for jobs at about 20% of large global enterprises will interact with “chatbots” powered by machine learning before engaging with recruiters—freeing recruiters from up-front administrative tasks so that they can focus on identifying new sources of talent and other, more strategic priorities.

In CIOs’ own organizations, vendor-managed cloud computing services are starting to free IT teams from the mind-numbing routines of system maintenance, repairs, patching, and upgrades. The aforementioned cloud-based autonomous database, for example, will liberate database administrators from endless system patching and tuning duties, letting them step back from their keyboards “and look at the business from the view of the CFO or the CTO or other internal customers,” says longtime DBA Dan Morgan, principal adviser at tech firm Meta7.

No question, some forms of automation—electronic toll collection and self-driving cars come to mind—have and will replace certain kinds of jobs. But more common will be the example of what happened after banks introduced ATMs in the 1980s: The number of bank tellers industry-wide actually increased, partly because tellers evolved from processing checks and distributing cash to helping solve a variety of customers’ financial problems.

7. Move from machine yearning to machine learning. In just one year, machine learning has left the exclusive domain of the resident futurists (“We need to figure out what this emerging technology can do for us someday!”) and entered the domain of the prudent practitioners (“We’d better start deploying actual applications or risk falling behind our competitors!”).

Companies across industries already use applications imbued with machine learning algorithms, which analyze and continually learn from the massive amounts of data they ingest in order to improve business decision-making and initiate actions. In customer service, for example, chatbots are answering customers’ questions and helping them make better choices. (Gartner expects more than half of enterprises will spend more per year on developing bots/chatbots than on conventional mobile apps by 2021). In human resources, ML-based applications promise to give hiring mangers recommendations for best-fit candidates and help them predict attrition. In marketing, such tools are letting companies personalize offers to customers and measure how satisfied they are at different digital touch points.

We’re seeing industry-specific ML applications as well. One telecom carrier is using them to reduce customer-churn “false alarms,” letting it focus on those customers truly at risk of leaving. Online retailers are generating dynamic web pages that provide customers with tailored product suggestions, using data on each customer’s purchase history blended with his or her real-time website searches. Trucking companies are using ML-based applications to map out the least congested, most optimal routes for drivers. (Next big step: ML-based self-driving trucks.)

Last year we urged CIOs to start researching and experimenting with applications based on artificial intelligence and its machine-learning offshoot, because the building blocks (industry-specific algorithms, on-demand cloud storage and compute processing power, massive amounts of internal and third-party data) were finally at their disposal.

A continuing challenge is that artificial intelligence/machine learning is the most problematic technology to implement, according to the CIOs in Gartner’s 2018 CIO Agenda survey who have actually done such implementations. The most common pain point: finding the requisite skills.

Regardless, this is the year to deploy at least a handful of machine learning-based production applications to wow customers and shore up operations. Or wave as your competitors pass you by.

8. Do your blockchain blocking and tackling. Another emerging technology, blockchain, best known as the foundation of the Bitcoin crypto-currency, needs to rise on many a CIO’s priority list.

Blockchain lets multiple entities in a commercial, legal, or other transaction share data on a universal ledger without a central authority. Each entity controls its data using a private key and independently verifies transactions in the chain. Transactions added to any block in the chain can’t be altered and are validated by multiple entities participating in that chain.

Among the common transactions that blockchain can manage are payment records, safety inspections, building permits, mortgage and loan records, purchase orders, and invoices. In one supply chain example, a food retailer uses blockchain to check the provenance of its meats and view government inspection certificates, while the retailer, meat processor, and original seller exchange fiduciary documents, validate shipments, and reconcile orders and invoices—all without needing a bank or other third party to validate those transactions.

Banking and other financial services companies were the first to embrace blockchain ledgers, but CIOs at companies in a range of industries (like the livestock agriculture one described above) are evaluating the technology for their purposes.

Still, a new report from consultancy Everest Group urges clients to proceed with caution. Among the questions it urges CIOs to consider when evaluating blockchain for their companies: How critical is the affected process? How confidential is the data to be shared within the blockchain ecosystem? How big a change is required to align the process with the new blockchain-based environment? And how much money does your company have sunk into the hardware and software that now supports the given process?

Nevertheless, CIOs can’t ignore blockchain’s potential to simplify transaction processes and lower their costs, while speeding their execution and making them more secure. Figure out how it could fit into your company’s transaction network.

9. Educate your business colleagues on the power, nuances, and language of technology. “Wait, you’ve got this all wrong,” we can imagine some readers thinking. Technology leaders need to understand and speak the language of business, not the other way around.

This priority goes both ways.

It has long been a given that CIOs (and their reports) must be capable of having deep, high-level business conversations with other members of the C-suite. A considerable 21.8% of the CIOs in this year’s SIM survey have a non-IT background, up from just 9.0% in 2013. And even most CIOs reared in the IT world have become first-class business strategists—this is hardly a new job requirement. Among the thousands of CIOs who responded to Gartner’s CIO Agenda survey, 84% of the ones at “top-performing organizations” already are responsible for areas of the business outside of traditional IT.

If it wasn’t obvious enough before the digital revolution, almost every company—not just the Facebooks and Alibabas of the world—is now a technology company. So it’s long past time that CEOs, CFOs, COOs, CMOs, and other business leaders understand technology as well as their companies’ CIOs understand business—because technology is their business.

Bill Briggs, global CTO of Deloitte, relates the example of Capital One, where CEO Richard Fairbanks and CIO Robert Alexander now understand that the future of financial services is in embedding machine learning into almost every customer-facing process. Having already created hundreds of Agile development teams—consisting of developers, designers, project managers, and product managers, as it tries to act more like a software company and less like a traditional bank—Capital One is now intent on becoming a world-class engineering company, Briggs says. So the bank is making deep investments in cloud architecture as well as design and engineering talent.

“One of the core things they focused on was tech fluency, because it’s no longer that the technologists have to speak the language of the business. It’s flipping the onus: How does the business actually speak the language of technology better?” Briggs says. “And how do you get in front of that to actually shape the narrative and not let the consultant who sits next to your CEO on a plane figure out the technology roadmap?”

10. Carve out the time, resources, and energy for innovation. Literally for decades, the smartest CEOs and boards of directors have challenged their CIOs to spend a larger percentage of their IT budgets on projects that move the revenue needle, a smaller percentage on ongoing system maintenance and support. (Typically they’ve spent only about 20% of their budgets on innovation projects, and 80% on maintenance.) For the most part, however, CIOs haven’t found a way to escape this 80/20 spending trap.

Cloud computing finally gives CIOs the framework for that escape, as it offloads much of the maintenance/support heavy lifting to service providers that are better equipped to manage those tech workloads, freeing IT organizations to focus on creating digital innovations that truly deliver a competitive advantage.

The challenge now for CIOs who have embraced cloud services is to move at least select employees out of their routines and comfort zones by setting up structured, ongoing processes for hatching, vetting, prototyping, and testing new ideas—the “A” kinds of projects Raytheon CIO Kevin Neifert talks about in Priority No. 5.

Meantime, it’s up to CEOs, especially of large companies, to have the backs of their CIOs. That is, CEOs must empower their CIOs to invest in digital innovations “on the edge”—bolder but shorter-term, OK-to-fail types of projects that potentially will create long-term value, observes Deloitte’s Moffatt.

“This is the disadvantage a large company has versus a startup,” he says. “How do you create these digital innovations on the edge that don’t get eaten by the antibodies that exist within a normal organization? CEOs have to be a bit ambidextrous. They need to figure out how to keep making money so they keep the Wall Street analysts and others happy but at the same time create an environment in which they can invest in some of these things on the edge.”

On a positive note, the SIM study finds that CIO tenure is on the rise—up to an average 6.67 years, compared with an average 5.44 years over the preceding four years. Perhaps it’s a sign that CEOs have bought into this longer-term, bolder vision of technology investment and are giving their CIOs more time to rebalance their 80/20 spending, take risks, and make a difference. We hope so. Their companies’ futures hang in that balance.

Rob Preston is editorial director in Oracle’s Content Central organization, where he provides insights and analysis on a range of issues important to CIOs and other…

Rob Preston is editorial director in Oracle’s Content Central organization, where he provides insights and analysis on a range of issues important to CIOs and other business technology executives. Rob was previously editor in chief of InformationWeek. You can follow Rob at @robpreston.